summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlhinds <lhinds@redhat.com>2017-03-08 12:32:57 +0000
committerlhinds <lhinds@redhat.com>2017-04-04 16:18:26 +0100
commitb35bc80ac2acf18463e4c18c8360862749aa0964 (patch)
treee9a71e311c0b7b4d01d7720d31876bdf0fd3939c
parentd9916ce77373f0f754486da73014e815f8ae7b54 (diff)
SSHD Service extensions
This change adds an `include` statement to bring in the extra functionality available from the existing puppet-ssh module in already available in RDO. By using puppet-ssh it provides a framework to allow the passing in of server options using just hiera values under ssh::server_options. For example, sshd_config banner can now be passed a server option, as well as all the new parameters outlined in the launchpad issue that the patch references for Closing. For this reason, the former augeas setting for `Banner /etc/issue` is now managed by the main puppet-ssh module instead. The change also allows population of MOTD text to `/etc/motd` as well as `issue.net`. $bannertext is refactored in accordance with patch [1] [1] https://review.openstack.org/#/c/442406/ Change-Id: Id329538fb7b623526f1d91d8a513cf3440c86a7c Closes-Bug: 1668543
-rw-r--r--Puppetfile_extras4
-rw-r--r--manifests/profile/base/sshd.pp56
-rw-r--r--releasenotes/notes/sshd-437c531301f458bb.yaml4
-rw-r--r--spec/classes/tripleo_profile_base_sshd_spec.rb62
4 files changed, 88 insertions, 38 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras
index 0b617b9..f224b9a 100644
--- a/Puppetfile_extras
+++ b/Puppetfile_extras
@@ -48,3 +48,7 @@ mod 'systemd',
mod 'opendaylight',
:git => 'https://github.com/dfarrell07/puppet-opendaylight',
:ref => 'master'
+
+mod 'ssh',
+ :git => 'https://github.com/saz/puppet-ssh',
+ :ref => 'v3.0.1'
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index e7916c1..f43089c 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -15,47 +15,45 @@
#
# == Class: tripleo::profile::base::sshd
#
-# SSH profile for tripleo
+# SSH composable service for TripleO
#
# === Parameters
#
# [*bannertext*]
-# The text used within SSH Banner
+# The text used within /etc/issue and /etc/issue.net
# Defaults to hiera('BannerText')
#
+# [*motd*]
+# The text used within SSH Banner
+# Defaults to hiera('MOTD')
+#
class tripleo::profile::base::sshd (
$bannertext = hiera('BannerText', undef),
+ $motd = hiera('MOTD', undef),
) {
- if $bannertext {
- $action = 'set'
- } else {
- $action = 'rm'
- }
-
- package {'openssh-server':
- ensure => installed,
- }
+ include ::ssh
- augeas { 'sshd_config_banner':
- context => '/files/etc/ssh/sshd_config',
- changes => [ "${action} Banner /etc/issue" ],
- notify => Service['sshd']
- }
-
- file { '/etc/issue':
- ensure => file,
- backup => false,
- content => $bannertext,
- owner => 'root',
- group => 'root',
- mode => '0600'
+ if $bannertext {
+ $filelist = [ '/etc/issue', '/etc/issue.net', ]
+ file { $filelist:
+ ensure => file,
+ backup => false,
+ content => $bannertext,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
}
- service { 'sshd':
- ensure => 'running',
- enable => true,
- hasstatus => false,
- require => Package['openssh-server'],
+ if $motd {
+ file { '/etc/motd':
+ ensure => file,
+ backup => false,
+ content => $motd,
+ owner => 'root',
+ group => 'root',
+ mode => '0644'
+ }
}
}
diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml
index 0086cb0..5997289 100644
--- a/releasenotes/notes/sshd-437c531301f458bb.yaml
+++ b/releasenotes/notes/sshd-437c531301f458bb.yaml
@@ -1,3 +1,5 @@
---
features:
- - Added manifest and template to enable configuration of sshd_config
+ - Added /etc/issue & /etc/issue.net parameters
+ - Added MOTD banner parameters
+ - Added external module saz-ssh to allow management of sshd_config
diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
index 210b41c..c611fe9 100644
--- a/spec/classes/tripleo_profile_base_sshd_spec.rb
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -1,4 +1,4 @@
-# Copyright 2016 Red Hat, Inc.
+# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -13,18 +13,64 @@
# License for the specific language governing permissions and limitations
# under the License.
#
+# Unit tests for tripleo::profile::base::sshd
+#
require 'spec_helper'
describe 'tripleo::profile::base::sshd' do
- context 'with banner configured' do
- it do
- is_expected.to contain_file('/etc/issue').with({
- 'owner' => 'root',
- 'group' => 'root',
- 'mode' => '0600',
- })
+ shared_examples_for 'tripleo::profile::base::sshd' do
+
+ context 'it should do nothing' do
+ it do
+ is_expected.to contain_class('ssh')
+ is_expected.to_not contain_file('/etc/issue')
+ is_expected.to_not contain_file('/etc/issue.net')
+ is_expected.to_not contain_file('/etc/motd')
+ end
+ end
+
+ context 'with issue and issue.net configured' do
+ let(:params) {{ :bannertext => 'foo' }}
+ it do
+ is_expected.to contain_file('/etc/issue').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to contain_file('/etc/issue.net').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to_not contain_file('/etc/motd')
+ end
+ end
+
+ context 'with motd configured' do
+ let(:params) {{ :motd => 'foo' }}
+ it do
+ is_expected.to contain_file('/etc/motd').with({
+ 'content' => 'foo',
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0644',
+ })
+ is_expected.to_not contain_file('/etc/issue')
+ is_expected.to_not contain_file('/etc/issue.net')
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) {
+ facts
+ }
+ it_behaves_like 'tripleo::profile::base::sshd'
end
end
end